Economic damage to Nuance Communications from the NotPetya attack last year is coming in over $90 million.
Initially believed to be a ransomware outbreak, NotPetya hit organizations worldwide June 27, and was found within days to be a destructive wiper instead.
The GRU military spy agency created NotPetya, the CIA concluded with “high confidence” late last year, according to classified reports cited by U.S. intelligence officials in a Washington Post report.
NotPetya used a compromised M.E.Doc update server as an infection vector.
NotPetya affected major organizations, including Rosneft, AP Moller-Maersk, Merck, FedEx, Mondelez International, Nuance Communications, Reckitt Benckiser, and Saint-Gobain, causing millions in damages to every one of them.
Last year, Nuance estimated NotPetya impacted its revenue for the third quarter of 2017 by around $15 million, but the total financial losses the attack incurred are of around $100 million, the company said.
In its latest 10-Q filing with the Securities and Exchange Commission (SEC), Nuance reveals that, for the fiscal year 2017, NotPetya caused losses of around $68.0 million in revenues, and incurred incremental costs of approximately $24.0 million as result of remediation and restoration efforts.
“On June 27, 2017, Nuance was a victim of the global NotPetya malware incident,” the 10-Q report said. “The NotPetya malware affected certain Nuance systems, including systems used by our healthcare customers, primarily for transcription services, as well as systems used by our imaging division to receive and process orders. For fiscal year 2017, we estimate that we lost approximately $68.0 million in revenues, primarily in our Healthcare segment, due to the service disruption and the reserves we established for customer refund credits related to the Malware Incident. Additionally, we incurred incremental costs of approximately $24.0 million for fiscal year 2017 as a result of our remediation and restoration efforts, as well as incremental amortization expenses. Although the direct effects of the Malware Incident were remediated during fiscal year 2017, … the Malware Incident had a continued effect on our results of operations in the first quarter of fiscal year 2018 including contributing to: A year-over-year decline in the annualized line run-rate in our on-demand healthcare solutions and in the estimated three-year value of on-demand contracts; a year-over-year decline in hosted revenue and an increase in restructuring and other charges. In addition, we expect to expend additional resources during fiscal year 2018 and beyond to continue to enhance and upgrade information security.
“In addition,” the report continued,” in December 2017, an unauthorized third party illegally accessed reports hosted on a Nuance transcription platform. This incident was limited in scope to records of approximately 45,000 individuals and was isolated to a single transcription platform that was promptly shutdown. Customers using that platform were notified of the incident and were migrated to our eScription transcription platforms. We also notified law enforcement authorities and have cooperated in their investigation into the matter. This incident did not have a material effect on our financial results for the first quarter of fiscal year 2018 and is not expected to have a material effect on our financial results for future periods.”
Last month, Danish shipping giant A.P. Moller–Maersk said it had to reinstall software on nearly 50,000 devices following the NotPetya assault. In September 2017, FedEx revealed a negative impact of around $300 million on its profit as result of the attack.